Trust & Security

Your data. Your control. We never train on your contracts.

Lexilio was built from day one on a privacy-first foundation. Your contracts are analysed in real time and permanently deleted the moment you choose to remove them. No exceptions. No ambiguity.

GDPR COMPLIANT

Full compliance with UK and EU GDPR.

DATA HOSTED IN EU

All data stored on EU-region infrastructure.

ENCRYPTED

AES-256 at rest. TLS 1.3 in transit.

ZERO RETENTION

Documents are permanently deleted when you remove them.

NO AI TRAINING

We never use your contracts to train AI models.

RBAC

Granular permissions for Owner, Admin, Member, and Viewer.

Foundation / operating model

Contract data remains customer-controlled

Security built for contracts that carry real commercial exposure.

Lexilio handles tender packs, amendments, notices, claims, and negotiated positions as confidential customer material. The platform is designed around least-privilege access, regional hosting, deletion discipline, and a plain commitment: your contract data is processed to serve your project team, not to build someone else's model.

Model training: Never
Customer control: Always

Built for board-level vendor review, legal scrutiny, and tier-one construction confidentiality.

01

Data sovereignty

Customer workspaces are structured so contract records, analysis outputs, and deletion events remain under client control.

02

No model training

Uploaded contracts, prompts, mark-ups, and generated outputs are not used to train Lexilio or third-party foundation models.

03

Permissioned access

Role-based access, workspace boundaries, and administrative controls are designed for multi-entity contractor environments.

04

Deletion discipline

When a customer removes a document, Lexilio treats that as an operational instruction, not a soft preference.

Contract data handling

Minimum necessary processing

Account layer
Names, emails, organisation details
Provision users, route notices, and manage workspace access

Contract layer
Documents uploaded for analysis
Run commercial review, obligation extraction, and risk mapping

Usage layer
Product telemetry and performance signals
Improve reliability, latency, and workflow quality

Security contact

For security, privacy, or vendor review questions, contact security@lexilio.co.

Security FAQ

Questions procurement teams ask first.

No. Customer inputs, uploaded contracts, generated outputs, and review history are processed to provide the service and are not used to train Lexilio or third-party foundation models.

Lexilio uses EU-region infrastructure for customer data storage, with security controls designed around GDPR expectations and enterprise procurement review.

Deletion is treated as a customer instruction. Removed documents are no longer retained as active customer contract records after deletion.

Workspace access is governed through role-based permissions for Owner, Admin, Member, and Viewer roles, supporting separate responsibilities across commercial, legal, and project teams.

Lexilio protects customer data with encryption at rest and encrypted transport, including AES-256 at rest and TLS in transit.

Yes. The security posture is documented around privacy, access control, deletion discipline, regional hosting, and no-training commitments for serious procurement and legal review.